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DETAILED ACTION 

The instant application having Application No. 10/577,158 is presented for 
examination by the examiner. Claims 21 and 39 are amended; claims 29 and 33 are 
canceled. As such, claims 21-28, 30-32, and 34-40 remain pending. 

Response to Amendment 

Claim Objections 

Claim objections are withdrawn due to amendments. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 21-28, 30-32, and 34-40 are rejected under 35 U.S.C. 112, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the 
subject matter which applicant regards as the invention. 

As per claims 21 and 39, the newly amended limitation results in confusion as to 
how the claimed invention operates. The preamble now states that the method is 
carried out on at least one of each initialization, activation, or deactivation of the at least 
one additional application. First of all, when read with the rest of the preamble, the 
grammar and sentence structure does not make much sense. Secondly, in the body of 
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the claim, it is the one resource or functions of the security module that are activated or 
deactivated. Therefore, it is not clear how the method being carried out actually causes 
initialization, activation, or deactivation, of the additional application because this step 
is not actually performed by the claimed method. In other words the cause and effect 
relationship is not definitively claimed. Appropriate correction is required. 



Response to Arguments 

Applicant's arguments filed 10/7/10 have been fully considered but they are not 
persuasive. Applicant alleges that the combination of Parker and Dutta fail to disclose 
the subject matter of the independent claims. It is alleged that Parker and Dutta do not 



selectively activating or deactivating at least one resource as data or 
functions stored in said security module by executing the instructions 
included in the cryptogram and using the selected resource to 
condition the functioning of the at least one additional application 
stored in the equipment according to criteria established by at least 
one of a supplier of said additional application, the operator and a 
user of the equipment, 

wherein the resources as data or functions of the security module 
used by the main application are left active for connection of the 
equipment to the network so as to obtain further cryptograms from 
the control server. 

Examiner respectfully disagrees with this allegation. In the last office action, 
dated 7/19/10, Examiner already stated that Parker is silent in explicitly teaching 
selectively activating or deactivating at least one resource as data or functions stored in 
said security module by executing instructions included in the cryptogram and using the 



selected resource to condition the functioning of the at one additional application stored 
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in the equipment according to criteria established by at least one of a supplier of said 
additional application, the operator, or the user of the equipment, wherein the resources 
as data or functions of the security module used by the main application are left active 
for connection of the equipment to the network so as to obtain further cryptogram from 
the control server. Also in that same action, the mechanics of Dutta were shown to 
teach these features (also see below). In an effort to distinguish the teachings of Dutta 
from those of the claimed invention, Applicant expresses that the "claimed" invention 
automatically receives identification data and manages security from the control server 
and even lists specific opportunities as to when this may occur (see page 12 of 
Applicant's response filed 10/7/10). In response to applicant's argument that the 
references fail to show certain features of applicant's invention, it is noted that the 
features upon which applicant relies (i.e., automatic managing from the control 
server) are not recited in the rejected claim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Applicant 
attempts to differentiate the claimed invention from Dutta by insinuating that the user 
controls the remote activation and reactivation whereas as the claimed invention does 
this automatically from the control server. After careful consideration of the claims, 
particularly claim 21 , the selectively activating or deactivating is not directly performed 
by the control server. The control server generates and transmits the cryptogram. It 
appears from the claim that one additional application is managed by at least one of a 
supplier, the operator, or the user of the equipment. Applicant admits that the user of 
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Dutta is responsible in part for the activating and deactivating. Therefore, since both 
Dutta and the claimed invention can rely upon the user to manage this control over the 
phone, they are indistinguishable. As such the claimed requires no more than is taught 
by the prior art. 

In further attempts to show that a proper prima facie case of obviousness has not 
been shown by the Examiner, Applicant purports that no explicit rationale was disclosed 
by the Examiner. To the contrary Examiner has shown that two teachings both related 
to the securing of resources in cell phones, can obviously be combined when the result 
of such combination yields a predictable result. The yielded result is, inter alia, 
improved security and greater control remotely over the phone. One of ordinary skill in 
the art can appreciate these results from the combination of Parker and Dutta. 
Therefore, Examiner maintains that a proper prima facie case of obviousness has been 
established. 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 
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Claims 21-28, 30-32, and 34-40 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over USP 5,864,757 to Parker in view of USP Application Publication 
2002/0186845 to Dutta et al., hereinafter Dutta. 

As per claim 21 , Parker teaches a method for managing the security of at least 
one additional application associated to a main application with a security module of an 
equipment connected, via a network, to a control server managed by an operator, the 
main application and the additional applications use resources as data or functions 
stored in a security module [SIM] locally connected to said equipment, comprising the 
following preliminary steps: 

receiving via the network, by the control server identification data comprising at 
least the type and software version of the equipment (col. 6, line 46) and the identity of 
the security module (col. 1, lines 50-55 and col. 8, lines 21-25), 

analyzing and verifying by the control server of said data (col. 8, lines 26-28), 

generating, by the control server, a cryptogram (col. 8, lines 41-44) from the 
result of the verification of said data, 

transmitting, by the control server, the cryptogram, via network and the 
equipment, to the security module (col. 8, lines 60-65), 

receiving and analyzing the cryptogram by the security module for acting on 
specific application according to instructions included in the cryptogram (col. 9, lines 50- 
55). 
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Parker is silent in explicitly teaching the method being carried out on at least one 
of each initialization, activation, or deactivation of the at least one additional application 
and selectively activating or deactivating at least one resource as data or functions 
stored in said security module by executing instructions included in the cryptogram and 
using the selected resource to condition the functioning of the at one additional 
application stored in the equipment according to criteria established by at least one of a 
supplier of said additional application, the operator, or the user of the equipment, 
wherein the resources as data or functions of the security module used by the main 
application are left active for connection of the equipment to the network so as to obtain 
further cryptogram from the control server. 

Dutta teaches the above limitation as selectively controlling resources of a 
security element (SIM) from application of the mobile phone wherein the main 
application (connectivity to the network) is left active (0007-0010). Dutta basically 
teaches the authentication functions and other secured functions are disabled remotely. 
This prevents additional applications such as web browsers (inherently for e- 
commerce transactions) from gaining access to security keys and other secured data 
stored in the SIM. The phone's ability to stay on the network is taught as a means to 
receive further remote commands and to respond to the security alert by sending 
acknowledgments and other location specific data (0021 and 0040). By rendering the 
e-commerce functions disabled, the application for performing e-commerce is effectively 
disabled (0007). As such the e-commerce application is interpreted as one of a type of 
additional applications. 
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For purposes of examination, the main application is interpreted as the main 
network connectivity application and the additional applications are some software 
functions (such as web browsers and e-commerce transactions) other than the main 
calling application. Parker discloses locking down a phone to only emergency calls. 
Even in the emergency mode the phone is sill able to connect to the network. 
Deactivating just the security functions allows the phone to stay on the network, send 
acknowledgements of the remote commands, and report its location. Being able to 
perform these functions while still preventing a malicious user from acquiring the secure 
data of the legitimate user is an obvious reason for combining these two teachings. 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to combined the teaching of Dutta with those of Parker to give service 
providers control over not only the calling functions of a cell phone but also the 
applications running on them in order to safeguard the SIM data. 

As per claim 22, Parker teaches the equipment is a mobile equipment of mobile 
telephony (see abstract). 

As per claim 23, Parker teaches the network is a mobile network of the GSM, 
GPRS or UMTS type (col. 1, line 36). 

As per claim 24, Parker teaches the security module is a subscriber module of 
a SIM card type inserted into the mobile equipment of mobile telephony (col. 1 , line 50). 

As per claim 25, Parker teaches the identification of the set mobile equipment 
/ subscriber module is carried out from the identifier of the mobile equipment and from 
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the identification number of the subscriber module pertaining to a subscriber to the 
mobile network (col. 8, lines 55-65). 

As per claim 26, Parker teaches the criteria [locked/unlocked] defines the usage 
limits [activate / deactivate] of an application according to the risk [key exposure] 
associated to said application and to the type and the software version of the mobile 
equipment that the operator and/or the application supplier and/or the user of the mobile 
equipment want to take in account (col. 9, lines 2-4). Upon activating a locked phone, 
Parker teaches a phone can be relocked if a key is compromised and needs to be 
changed. This process takes into account the identity information inside the phone, 
including the SIM. 

As per claim 27, Parker teaches the activation method is carried out after each 
connection of the mobile equipment to the network (col. 9, line 1 1). A check is made at 
turn on to see if the device is locked. It does however bypass the rest of the activation 
method and goes to the authentication part of the method if the check is satisfied. 

As per claim 28, Parker teaches the activation method is carried out after each of 
updating the software version of the mobile equipment (col. 9, lines 1-5). Anytime the 
phone receives a new subscriber identification code it is necessary for the handset to 
re-register with the base station. 

As per claim 30, Parker teaches the activation method is carried out after each 
updating of the software version of the subscriber module (col. 9, lines 1-5). Anytime 
the phone receives a new subscriber identification code it is necessary for the handset 
to re-register with the base station. 
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As per claim 31 , Parker teaches the activation method is out after each updating 
of the resources on the subscriber module (col. 9, lines 1-5). Anytime the phone 
receives a new subscriber identification code it is necessary for the handset to re- 
register with the base station. 

As per claim 32, Parker teaches the activation method is carried out periodically 
at a rate [each startup] given by the control server (col. 9, line 11). 

As per claim 34, Parker teaches the subscriber module, prior to the execution of 
the instructions given by the cryptogram, compares the identifier of the mobile 
equipment with that previously received (Fig. 5, 172). 

As per claim 35, Parker teaches the control server, prior to the transmission of 
the cryptogram, compares the identifier of the mobile equipment with that previously 
received and only initiates the verification operation if the identifier has changed (col. 8, 
lines 55-65). This activation is only done a second time if the SIM or any of its values 
change. Otherwise, the server already knows the phone is ok and does not send it a 
new IMSI. 

As per claim 36, Parker teaches the cryptogram is made up of a message 
encrypted by the control server with the aid of an asymmetrical or symmetrical 
encryption key from a data set containing, among other data, the identifier of the mobile 
equipment, the identification number of the subscriber module, the resource references 
of the subscriber module and a predictable variable (col. 8, lines 50-59). 

As per claim 37, Parker is silent in disclosing the subscriber module transmits to 
the control server, via the mobile equipment and the mobile network, a confirmation 
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message when the subscriber module has received the cryptogram, said message 
confirming the correct reception and the adequate processing of the cryptogram by the 
subscriber module. Dutta teaches this limitation (0037 and 0040). Examiner supplies 
the same rationale as recited in the rejection of claim 21 to incorporate leaving the main 
application functional in order to receive acknowledgement of the phone's deactivation. 

As per claim 38, Parker teaches the equipment is a Pay-TV decoder or a 
computer to which the security module is connected (col. 12, lines 60-65). 

As per claim 39, it is rejected for the same reasons as claim 1 . 

As per claim 40, Parker teaches a subscriber module of the "SIM card" type 
connected to a mobile equipment (col. 1 , lines 50-55). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See M PEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 



Application/Control Number: 10/577,158 Page 12 

Art Unit: 2431 

TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571 )270-731 6. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
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USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2431 



/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 



